WSU Campus Attacked by New Phishing Scam

As per the report published in wsu.edu on July 4, 2012, a new phishing scam is hitting email boxes of employees of Washington State University (WSU) to collect their account information.

This current phishing scam seems to be relevant to WSU but it refers to a different WSU known as Wayne State University which seems to be the primary target. In spite of this, it has been seen by many individuals of different departments at Washington State University campus.

The subject line of the email reads "Urgent Notice" and the content says "Dear User, the password for your WSU Access ID will expire in 3 days. This could affect your access to Wayne State computing systems like WSU Pipeline, Blackboard, and Wayne Connect. WSU Computing & Information Technology (C&IT) encourages you to log in to remain active. If you need any help to change password or to confirm the validity of this message, please call the C&IT Help Desk number."

The fake email ends with a fake link which if clicked asks for personal details like network ID or password.

Security officials analyzing this phishing campaign emphasized that those who respond to this mail with their details are trapped.

Therefore, to moderate the chances of being victimized by these phishing emails, security officials emphasize some simple security tips. These are: Firstly, the message is unsolicited(as in above case) and asks you to reveal personal identity information (like password or ID as above case).

Secondly, the message creates a sense of urgency like in the above case. You need to be patient and need to think before clicking on links furnished with such scam emails. Mostly, users end up being the victims of phishing campaigns by acting impulsively.

Thirdly, if you think an email is not legitimate, you can verify it by contacting the sender directly like recipient in the above case should contact the WSU Computing & Information Technology staff. You should not use the contact information provided in the email as you may find it bogus. You should find out the contact details of the organization yourself, as advised by security officials.